[原文]Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.

-
漏洞描述

Microsoft PowerPoint contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a user opens a malicious PowerPoint ppt file that causes an unspecified security fault in the mso.dll. It is possible that the flaw may allow to execute arbitrary code with the privileges of the user resulting in a loss of integrity.

-
时间线

公开日期:
2006-07-15

发现日期:
Unknow

利用日期:Unknow

解决日期:Unknow

-
解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

-
受影响的程序版本

-
漏洞讨论

Microsoft PowerPoint is prone to multiple remote vulnerabilities.

Three proof-of-concept exploit files designed to trigger vulnerabilities in PowerPoint have been released.

It is currently unknown if these three exploit files pertain to newly discovered, unpublished vulnerabilities or if they exploit previously disclosed issues. These issues may allow remote attackers to cause crashes or to execute arbitrary machine code in the context of the affected application, but this has not been confirmed.

This BID will be updated and potentially split into individual records as further analysis is completed.

Microsoft PowerPoint 2003 is vulnerable to these issues; other versions may also be affected.

-
漏洞利用

The following proof-of-concept exploit files are available to demonstrate these issues:

-
解决方案

Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.commailto:vuldb@securityfocus.com.